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APPENDIX Bl 

As an integrated information communication system(ICS) 
to which an encapsulation technique has been applied, Japanese 
Patent No- 3084681 C2 discloses the below-mentioned ICS system 
owned by the Applicants, the related technical scope of which 
will be explained as follows: 

That is to say, as represented in FIG. 1, the integrated 
information system is mainly subdivided into an internal area 
and an external area. In the internal area of the integrated 
information communication system, a large number of relay 
apparatus are connected to each other via a communication line 
having an IP packet transfer function, whereas in a peripheral 
unit of the integrated information communication system, a 
plurality of access control apparatus (AC) are provided. The 
most of LANs used in enterprises are connected via a user 
communication line to these access control apparatus. The 
integrated information communication system may realize three 
sorts of services, for instance, 1) an "intra-corporation 
communication" service with employment of a private IP address 
defined by the IETF rule; 2) an "inter-corporation 
communication" service without using a private IP address; and 
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also 3) a "virtual dedicated line" service which may pretend 
such a condition that two terminals are virtually and 
continuously connected to each other by way of an IP 
communication line. 

While IP addresses are selectively used in the external 
area and the internal area of the integrated information 
communication system, these IP addresses employed in the 
external area/internal area of the integrated information 
communication system are called as "external /internal 
addresses" . An IP packet of the external area of the integrated 
information communication system is referred to as an "external 
packet" , and an IP packet of the internal area of the integrated 
information communication system is called as an "internal 
packet". An external packet sent out from a LAN is entered 
via a user communication line into an access control apparatus 
which applies an IP header containing an internal address 
applied to a logic terminal of the user communication line to 
the entered external packet, so that the external packet is 
converted into an internal packet ( namely , encapsulation, se£ 
FIG. 2). Then, the internal packet is transferred inside the 
integrated information communication system and thereafter is 
reached to another access control apparatus by which the IP 
header is removed from the internal packet (namely, 
decapsulation). Then, the resultant external packet is sent 

out via another user communication line toward a terminal 
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provided inside a LAN of a communication counter party. 

As shown in FIG. 3, the user communication line is 
subdivided into a user physical communication line 91 , and also 
user logic communication lines 92-1 and 92-2. A logic contact 
(termination of user logic communication line) between the user 
logic communication line(92-l, 92-2) and an access control 
apparatus 90 is referred to as a logic terminal ( 93-1 , 93-2) 
to which an internal address of an IP network is applied so 
as to identify logic terminal. In the example of FIG. 3, the 
user physical communication line 91 contains the user physical 
communication lines 92-1 and 92-2, an internal address W U" is 
applied to the logic terminal 93-1 functioning as a termination , 
or trailing end (contact between access control apparatus 90 
and user logic communication line 92-1) of the user logic 
communication line 92-1, and an internal address "X tt is applied 
to the logic terminal 93-2 of the termination of the user logic 
communication line 92-2. Reference numerals 94-1 to 94-3 show 
terminals connected to the user logic communication lines 92-1 
and 92-2. A subdivision of a physical communication line into 
a plurality of logic communication lines may be realized in, 
for instance, DLCI of a frame relay and/or VPI/VCI of an ATM 
network . 

Then, the embodiment- 15 of the above-described Japanese 
Patent No. 3084681 C2 discloses the technical method of 

"non-capsulation of inter-corporation communication". In 
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other words, the following technical method is disclosed: As 

to the virtual dedicated ( exclusively-used ) line and the intra- 

corporation communication, the external packet is 

encapsulated to produce the internal packet in the access 

control apparatus, and then, this internal packet is 

transferred to the internal area of the integrated information 

communication system. Thereafter, the internal packet is 

decapsulated so as to recover the external packet in another 

access control apparatus, and then, the external packet is 

transmitted via the user communication line to the 

communication counter party. As to the inter-corporatioh 

communication, the external packet is directly regarded as the 

internal packet , while the external packet is not encapsulated, 

and then, is transferred to the internal area of the integrated 

information communication system. Thereafter, the 

transferred external packet is transmitted from another access 

control apparatus (provided on the side of packet reception) 

via the user communication line to the terminal of the 

communication counter party. Such a technical method is 

opened in, for example, the above-explained Japanese Patent 

No. 3084681 C2 . That is, a domain name server(DNS) is applied 

to an integrated information communication network containing 

such a function that an external IP packet is encapsulated so 

as to be converted into an internal packet. In this case, when 

a domain name is inquired, a domain name server (DNS) answers 
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an IP address. 

Furthermore, while both the above-explained IP 

encapsulation technical method and the above-described IP 

decapsulation technical method are employed as the initial 

condition, the embodiment-32 of Japanese Patent No. 3084681 

C2 discloses the packet reception priority control technique. 

That is,' the internal packets which are reached from the 

internal area of the integrated information communication 

system to the access control apparatus'are ordered in 

accordance with the designation of the records of the 

conversion table employed in the access control apparatus , and 

then, are sent out to the external area of the integrated 

information communication system. Also, the embodiment- 33 of 

Japanese Patent No. 3084681 C2 discloses the packet 

transmission priority control technique. That is, the 

external packets which are reached from the external area of 

the integrated information communication system to the access 

control apparatus are ordered in accordance with the 

designation of the records of the conversion table employed 

in the access control apparatus, and then, are sent out to the 

internal area of the integrated information communication 

system. The transfer efficiency of the external IP packet and 

the internal IP packet, which are registered in the record of 

the conversion table, is improved based upon both the 

above-described packet reception priority control and also the 
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above-explained packet transmission priority control. 

However, the servers installed inside the various sorts 
of networks are provided in the internal area of the 
above -described conventional integrated information 
communication system, while these servers may operate/manage 
the integrated information communication system. The servers 
own the respective IP addresses. In the case that such an 
address range which is not encapsulated is present, the 
following high risk may occur. That is^ the operation 
management server receives such an unfair attack that a very 
large amount of IP packets are transmitted from the external 
area of the IP network to the operation management server, and 
that secret data of the operation management server is unfairly 
read out . 
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